[Question] : Read-only access to deployed resources

[dfberry]

Does the engineer who deployed (az deploy) have read-only access to the resources to the point they can look at the secrets, database tables, etc?

[manekinekko]

I assume you meant azd deploy?

@savannahostrowski correct me if I am wrong, to my understanding, since the engineer needs to be logged in before deploying (azd login), then should have read/write access by default to all ressources. Is that correct?

[savannahostrowski]

Yep - they'll need to run azd auth login and then have a contributor role on the subscription.

[manekinekko]

@dfberry does that answers your question?